Login page, domain, and proxy server

[toQDuj]

Hi,

I have a whitelisting proxy for use at home (using privoxy) and I want to allow my kids to access churchofjesuschrist.org. However, the login pages fail to load properly and I notice that they require several more domains that I don't want to whitelist: google.com, cloudflare.net, etc.

Can the login pages be modified and use church-only domain resources so I can access it through my proxy?

Thanks!

[rmrichesjr]

Just a personal suggestion, but I'd recommend _NOT_ holding your breath. Those commercial domains were probably used for convenience for the Church department(s) that ordered the work that set things up as they currently are. Is there a way your system could detect that the Church login page is being accessed and then open those other domains for a very short period of time (maybe 15-30 seconds or so)? Perhaps you could make a page on your own web server that would act as the trigger and then redirect to the Church sign-in page.

[toQDuj]

Personally, I know the expertise already exists within the Church because it is done right now at BYU. I also know that they are good people working at providing good services and I will remain hopeful something similar may be done. I also believe it would be good to do from a self-sufficiency ethic, which I think is likely going to be mandatory in the near future anyways, given the way I see how the technology winds are blowing.

As to your other point, the `https` protocol and related infrastructure guarantees you cannot do resource inspection of a URL; domains-only can be detected/filtered. This is why I asked for this change in the first place.

[davesudweeks]

This is why I asked for this change in the first place.

We can discuss it on the forum, but if you want to ask the sponsoring departments in the church to consider making a change, that won't happen from posts here. You should provide feedback from any church page detailing what you desire. If it is important enough for you, you could also ask your stake president to bring it up in the coordinating council he is a member of with his upline general authority.

[toQDuj]

Ah OK. I'll follow a different escalation path. Thanks!

[rmrichesjr]

...

As to your other point, the `https` protocol and related infrastructure guarantees you cannot do resource inspection of a URL; domains-only can be detected/filtered. This is why I asked for this change in the first place.

The lack of ability see the full URL thanks to the HTTPS protocol is why I suggested making your own page that would trigger a momentary opening of the other domains and then redirect to the Church's real login page.

I wrote a squid3-based filter (and ad blocker since a lot of ad content was offensive to me) for my own use in 2014. When HTTPS replaced HTTP, I lost the ability to block on substrings in an URL and specific URLs. Blocking on domain names still works but isn't as precise.